US Army Gen. Paul Nakasone, who heads both US Cyber Command and the National Security Agency, told the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities Wednesday that the US is prepared to more aggressively strike back in response to cyber attacks. His statement follows a US Navy report detailing how the service has failed to protect sensitive information from Chinese and Russian hackers.
Assistant Defense Secretary for Homeland Defense Kenneth Rapuano told the subcommittee during the same hearing that a more aggressive stance could deter future attacks.
"Historically, we have not done that," Rapuano said. "And that really is the paradigm shift that is really laid out in our strategy."
Nakasone advised that "imposing consequences on adversaries in a way that's predictable enough for them" could dissuade attacks.
The Cybersecurity Readiness Review published by the US Navy on Tuesday said that Navy facilities and service partners have been caught "flat-footed" by cyberattacks.
"Despite our adversaries' clear statements of intent, the [Navy] did not anticipate this attack vector," the report states, noting that "several significant" breaches of Navy systems resulted in "massive amounts" of classified data on national security being stolen not only from the Navy, but from its partner industry contractors, too.
The report was ordered by Navy Secretary Richard Spencer last October, who warned at the time that "attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication."
"We must act decisively to fully understand both the nature of these attacks and how to prevent further loss of vital military information," Spencer said, according to Task and Purpose.
"We are under siege," a senior Navy official told The Wall Street Journal Tuesday. "People think it's much like a deadly virus — if we don't do anything, we could die."
However, even after the report, the Pentagon clearly doesn't know all of its own weaknesses or what's been lost. "Because of the scarcity of resources available, and the limitations of the available art and science of detection, the DoD [Department of Defense] and DoN [Department of the Navy] have only a limited understanding of the actual totality of losses that are occurring," the report says.
US President Donald Trump's 2020 budget proposal, presented earlier this week, provides for a 10 percent spending boost for Pentagon cyber operations, to the tune of $9.6 billion.